notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)

Current status

The server has been repaired, with a new power supply, for $23. I am waiting for lower COVID rates before visiting the datacenter to return it.
VUXML processing is halted. All vuln information is out of date.
Port details
chrony System clock synchronization client and server
4.0 net on this many watch lists=2 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 4.0Version of this port present on the latest quarterly branch.
Maintainer: mandree@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2014-04-08 17:07:07
Last Update: 2021-01-19 20:24:46
SVN Revision: 562078

People watching this port, also watch: openjdk8, netdata, coreutils

License: GPLv2
Description:
SVNWeb : Homepage
pkg-plist: as obtained via: make generate-plist
Expand this list (18 items)
Collapse this list.
  1. /usr/local/share/licenses/chrony-4.0/catalog.mk
  2. /usr/local/share/licenses/chrony-4.0/LICENSE
  3. /usr/local/share/licenses/chrony-4.0/GPLv2
  4. bin/chronyc
  5. @sample etc/chrony.conf.sample
  6. man/man1/chronyc.1.gz
  7. man/man5/chrony.conf.5.gz
  8. man/man8/chronyd.8.gz
  9. sbin/chronyd
  10. @dir(chronyd,chronyd) /var/db/chrony
  11. @comment share/doc/chrony/chrony.conf.html
  12. @comment share/doc/chrony/chronyc.html
  13. @comment share/doc/chrony/chronyd.html
  14. @comment share/doc/chrony/faq.html
  15. @comment share/doc/chrony/installation.html
  16. @owner
  17. @group
  18. @mode
Collapse this list.
  • chrony>0:net/chrony
Conflicts:
CONFLICTS_INSTALL:
  • chrony-lite
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port: cd /usr/ports/net/chrony/ && make install clean
To add the package: pkg install chrony
PKGNAME: chrony
Flavors: there is no flavor information for this port.
distinfo:
Packages: (move your mouse over the cells for more information)
chrony
ABIlatestquarterly
FreeBSD:11:aarch643.33.5_3
FreeBSD:11:amd644.04.0
FreeBSD:11:armv62.43.5.1
FreeBSD:11:i3864.04.0
FreeBSD:11:mips2.4-
FreeBSD:11:mips64--
FreeBSD:12:aarch643.34.0
FreeBSD:12:amd644.04.0
FreeBSD:12:armv63.33.5.1
FreeBSD:12:armv73.33.5.1
FreeBSD:12:i3864.04.0
FreeBSD:12:mips3.3-
FreeBSD:12:mips643.3-
FreeBSD:12:powerpc64-4.0
FreeBSD:13:aarch644.0-
FreeBSD:13:amd644.0-
FreeBSD:13:armv64.0-
FreeBSD:13:armv74.0-
FreeBSD:13:i3864.0-
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc64--
 

Slave ports
  1. net/chrony-lite

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.3 : devel/gmake
  2. pkgconf>=1.3.0_1 : devel/pkgconf
Library dependencies:
  1. libnettle.so : security/nettle
  2. libgnutls.so : security/gnutls
  3. libedit.so.0 : devel/libedit
There are no ports dependent upon this port

Configuration Options

USES:

Master Sites:
Expand this list (5 items)
    Collapse this list.
  1. http://distcache.FreeBSD.org/local-distfiles/mandree/
  2. http://distcache.eu.FreeBSD.org/local-distfiles/mandree/
  3. http://distcache.us-east.FreeBSD.org/local-distfiles/mandree/
  4. http://distcache.us-west.FreeBSD.org/local-distfiles/mandree/
  5. https://download.tuxfamily.org/chrony/
  6. Collapse this list.

Number of commits found: 35

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
19 Jan 2021 20:24:46
Original commit files touched by this commit  4.0
Revision:562078
decke search for other commits by this committer
net/chrony: Preparations for a new slave port

PR:		252584
Submitted by:	myself
Approved by:	mandree@
07 Oct 2020 17:40:56
Original commit files touched by this commit  4.0
Revision:551656
mandree search for other commits by this committer
net/chrony: update to 4.0 release

Changelog: https://git.tuxfamily.org/chrony/chrony.git/tree/NEWS?id=4.0#n1

Update options (unfortunately the crypto stuff is a bit contorted
with NSS <-> Nettle incompatibilities and NTS requiring GnuTLS and Nettle).
22 Aug 2020 11:03:03
Original commit files touched by this commit  3.5.1
Revision:545759
mandree search for other commits by this committer
net/chrony: security update to 3.5.1

This upstream update essentially contains one Git commit:
https://git.tuxfamily.org/chrony/chrony.git/commit/?h=3.5-stable&id=f00fed20092b6a42283f29c6ee1f58244d74b545

It is to fix a symlink vulnerability when writing the pidfile.

Changelog:
https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html

MFH:		2020Q2 (blanket: upstream has one specific git commit between 3.5 and
3.5.1)
Security:	CVE-2020-14367
Security:	719f06af-e45e-11ea-95a1-c3b8167b8026
16 May 2020 10:51:33
Original commit files touched by this commit  3.5_3
Revision:535391 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Bump PORTREVISION for security/nettle shlib change
08 May 2020 01:35:58
Original commit files touched by this commit  3.5_2
Revision:534317 This port version is marked as vulnerable.
mandree search for other commits by this committer
net/chrony: option to use system ntpd user/group

USER_DESC was reworded to make purpose clearer.

While here, shuffle things a bit to appease portclippy.

PR:		246293
Submitted by:	olivier@
06 Apr 2020 16:27:48
Original commit files touched by this commit  3.5_2
Revision:530887 This port version is marked as vulnerable.
mandree search for other commits by this committer
net/chrony: fix regression, remove pidfile= from rc.d script

chrony handles its own pidfile, and still our status method works,
so avoid missing chrony's own lock management.

PR:		245399
Reported by:	Peter Putzer
05 Apr 2020 21:27:56
Original commit files touched by this commit  3.5_1
Revision:530842 This port version is marked as vulnerable.
mandree search for other commits by this committer
net/chrony: take maintainership, repeated timeouts from yonas@fizk.net
05 Apr 2020 21:20:11
Original commit files touched by this commit  3.5_1
Revision:530840 This port version is marked as vulnerable.
mandree search for other commits by this committer
net/chrony: make NETTLE build robust, improve rc script, re-enable NSS

Changes by Colin T.:
* Always require pkgconfig instead of only requiring it for NSS,
  because otherwise chrony does not link reliably to nettle. [1]
* Add pidfile to rc.d script to stop it from complaining when
  stopping chronyd. [1]
* Document chronyd_* options in rc.d script. [1]

Changes by Matthias Andree:
* Move USES line up to please portlint.
* Add HTMLDOCS option, to build and install HTML docs. IMPLIES DOCS.
  Needs textproc/asciidoctor (rubygem) as build requisite.
* Turn CRYPTLIB into a _RADIO to choose at most one from NSS + NETTLE.
* Under WITH_DEBUG, add --enable-debug to CONFIGURE_ARGS.
* Remove @ (silent) from Makefile commands.
* Remove NSS_BROKEN, chrony 3.5 appears to work with NSS. Updates [3].

PR:		244534 [1]
PR:		242510 [2]
PR:		223840 [3]
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com> [1]
Reported by:	Matt Smith <freebsd@xtaz.uk> [2]
Approved by:	maintainer timeout (yonas@fizk.net, 36 days)
09 Oct 2019 12:17:15
Original commit files touched by this commit  3.5
Revision:514143 This port version is marked as vulnerable.
bapt search for other commits by this committer
Drop the ipv6 virtual category for n* category as it is not relevant anymore
02 Sep 2019 22:35:05
Original commit files touched by this commit  3.5
Revision:510861 This port version is marked as vulnerable.
swills search for other commits by this committer
net/chrony: Update to 3.5

PR:		239596
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >1 month)
09 Jul 2019 17:13:07
Original commit files touched by this commit  3.4_2
Revision:506289 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]
27 Dec 2018 20:41:54
Original commit files touched by this commit  3.4_1
Revision:488567 This port version is marked as vulnerable.
decke search for other commits by this committer
net/chrony: Fix chrony running as server and using bindaddress

On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
address on a socket that is bound to the address. This prevents a server
configured with the bindaddress directive from responding to clients.

Add a new variable to check whether the server IPv4 socket is not bound
before setting the source address.

PR:		233644
Submitted by:	Colin T <bugzilla@nulldir.e4ward.com>
Reported by:	ddrinnon@cdor.net
Approved by:	maintainer timeout (> 3 weeks)
Obtained
from:	https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901
23 Nov 2018 20:46:27
Original commit files touched by this commit  3.4
Revision:485706 This port version is marked as vulnerable.
swills search for other commits by this committer
net/chrony: Update to 3.4

PR:		232823
Submitted by:	Colin T. <bugzilla@nulldir.e4ward.com>
Approved by:	maintainer timeout (yonas@fizk.net, >3 weeks)
30 Aug 2018 04:05:08
Original commit files touched by this commit  3.3
Revision:478429 This port version is marked as vulnerable.
danfe search for other commits by this committer
Remove redundant DOCS, NLS, EXAMPLES, and IPV6 from OPTIONS_DEFAULT as they
are put there by the framework (see line 200 of Mk/bsd.options.mk), except
for `finance/quantlib' which makes very unorthodoxal usage of port options.
09 May 2018 03:01:58
Original commit files touched by this commit  3.3
Revision:469426 This port version is marked as vulnerable.
tobik search for other commits by this committer
net/chrony: Update to 3.3

- Add explicit DOCS, EXAMPLES options
- Replace %%PREFIX%% in sample files
- Make sure chronyc is really linked with libedit from ports
- Add support for security/nettle and use it by default since chrony crashes
  on startup when built with NSS. [1]

PR:		227779, 223840 [1]
Submitted by:	takefu@airport.fm
Approved by:	maintainer
20 Nov 2017 13:49:59
Original commit files touched by this commit  3.1_3
Revision:454559 This port version is marked as vulnerable.
rodrigo search for other commits by this committer
Add missing lib dependency in the original patch
Bump PORTREVISION

PR:		217691
Submitted by:	John Hein  <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net>
18 Nov 2017 22:41:34
Original commit files touched by this commit  3.1_2
Revision:454465 This port version is marked as vulnerable.
rodrigo search for other commits by this committer
Makes the NSS dependency explicit, and perform cleanup
Bump PORTREVISION

Before this patch if nss is installed when crony is built, there's a silent lib
dependency on nss, and if nss is subsequently uninstalled chrony breaks.

NSS is now turned on by default adding support for a number of more modern
hashing algorithms than md5.

Cleanup:
 - --infodir is not a valid configure option (since 2.3 I think)
 - USES=localbase instead of LDFLAGS
 - add explicit --without-tomcrypt [1]
 - add support for passing chronyd_flags to chronyd in rc.d script
 - fix some hard-coded /usr/local in examples

PR:		217691
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Approved by:	Yonas Yanfa <yonas@fizk.net> (maintainer)
16 Nov 2017 19:11:42
Original commit files touched by this commit  3.1_1
Revision:454328 This port version is marked as vulnerable.
feld search for other commits by this committer
net/chrony: Remove dubious security warnings in pkg-message

PR:		223647
MFH:		2017Q4
06 Mar 2017 06:53:39
Original commit files touched by this commit  3.1
Revision:435517 This port version is marked as vulnerable.
wen search for other commits by this committer
- Update to 3.1

PR:		217573
Submitted by:	yonas@fizk.net(maintainer)
13 Feb 2017 18:05:34
Original commit files touched by this commit  3.0
Revision:434012 This port version is marked as vulnerable.
krion search for other commits by this committer
Update net/chrony: enable privilege separation and other minor changes.

- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group

PR:		216737
Submitted by:	maintainer
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D9570
31 Jan 2017 03:40:46
Original commit files touched by this commit  3.0
Revision:432897 This port version is marked as vulnerable.
linimon search for other commits by this committer
Mark various ports broken on aarch64 and armv6.

Approved by:	portmgr (tier-2 blanket)
17 Jan 2017 17:37:21
Original commit files touched by this commit  3.0
Revision:431765 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Update to 3.0
- While here, add LICENSE_FILE and remove unneeded @dir

PR:		216184
Submitted by:	yonas@fizk.net (maintainer)
02 Dec 2016 11:58:22
Original commit files touched by this commit  2.4.1
Revision:427552 This port version is marked as vulnerable.
mat search for other commits by this committer
Do not use post-stage.  Use post-install instead.

The only reason to use post-stage is because the port needs to do
"things" at a later time, like some plist manipulation.
While there, fold post-install in do-install targets when they are
defined.

PR:		214780
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight
29 Nov 2016 23:53:36
Original commit files touched by this commit  2.4.1
Revision:427407 This port version is marked as vulnerable.
junovitch search for other commits by this committer
net/chrony: update 2.4 -> 2.4.1

PR:		214749
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)
12 Jun 2016 10:41:45
Original commit files touched by this commit  2.4
Revision:416792 This port version is marked as vulnerable.
pi search for other commits by this committer
net/chrony: 2.3 -> 2.4

Changes:
  http://chrony.tuxfamily.org/news.html

PR:		210190
Submitted by:	Yonas Yanfa <yonas@fizk.net> (maintainer)
06 Jun 2016 16:50:14
Original commit files touched by this commit  2.3
Revision:416474 This port version is marked as vulnerable.
danfe search for other commits by this committer
- Remove ONLY_FOR_ARCHS restriction as chronyd(8) runs fine on PowerPC now
- Remove no-op OPTIONS_DEFAULT=IPV6, which was bogusly re-added in r416385
  by pi@ after it was previously removed by amdmi3@ in r416447
- Sanitize `post-stage' target recipe (still needs more work to decouple
  extra docs and examples properly and add them to OPTIONS_DEFINE)

Tested on:	Mac mini G4 (powerpc)
05 Jun 2016 03:35:27
Original commit files touched by this commit  2.3
Revision:416385 This port version is marked as vulnerable.
pi search for other commits by this committer
net/chrony: 2.2 -> 2.3

- submitter becomes maintainer after repeated maintainer timeouts

Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
- Resolve names in separate process when seccomp filter is enabled
- Replace old records in client log when memory limit is reached
- Don't reveal local time and synchronisation state in client packets
(Only the first 15 lines of the commit message are shown above View all of this commit message)
23 May 2016 20:35:01
Original commit files touched by this commit  2.2
Revision:415742 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket
27 Dec 2015 12:53:33
Original commit files touched by this commit  2.2
Revision:404564 This port version is marked as vulnerable.
riggs search for other commits by this committer
Update to upstream version 2.2; general cleanup

Detailed log by submitter:
- Update net/chrony to latest upstream version - 2.2
- install info
- point to /var/db instead of /var/lib (per hier(7))
- use doc/install-docs target; install more docs (PORTDOCS)
- use @sample to a sample .conf file (not for .keys which will require
  manual intervention); others in examples dir (use PORTEXAMPLES)
- rm old post-install target
- fix example files for freebsd/prefix paths & ntp server names, add
  info regarding how to do log rotation if logging turned on.

PR:		204817
Submitted by:	z7dr6ut7gs@snkmail.com
Approved by:	maintainer timeout
23 Nov 2015 20:04:20
Original commit files touched by this commit  1.31.1
Revision:402324 This port version is marked as vulnerable.
pi search for other commits by this committer
net/chrony: prefix fix, remove setuid-root mode

PR:		204018
Submitted by:	John Hein <z7dr6ut7gs@snkmail.com>
Reviewed by:	koobs
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)
23 May 2015 18:59:12
Original commit files touched by this commit  1.31.1
Revision:387180 This port version is marked as vulnerable.
pi search for other commits by this committer
net/chrony: 1.31 -> 1.31.1

- Update to 1.31.1 to resolve CVE-2015-1799, CVE-2015-1821, and CVE-2015-1822
- Regenerate patches with `make makepatch` to quiet portlint
- Strip binaries

PR:		199508
Submitted by:	Jason Unovitch <jason.unovitch@gmail.com>
Approved by:	masaki@club.kyutech.ac.jp (maintainer timeout)
22 Apr 2015 11:43:13
Original commit files touched by this commit  1.31
Revision:384486 This port version is marked as vulnerable.
robak search for other commits by this committer
net/chrony: add CPE info

PR:		199513
Submitted by:	jbeich
Approved by:	portmgr blanket
01 Nov 2014 16:17:49
Original commit files touched by this commit  1.31
Revision:372019 This port version is marked as vulnerable.
madpilot search for other commits by this committer
- Update to 1.31 [1]

While here:

- Add makeinfo and readline uses
- Fix plist orphans

PR:		194079 [1]
Submitted by:	Kevin Thompson <antiduh at csh.rit.edu>
Approved by:	maintainer timeout
09 Apr 2014 09:01:41
Original commit files touched by this commit  1.29.1
Revision:350671 This port version is marked as vulnerable.
danfe search for other commits by this committer
Some minor, non-functional wording and grammar nits.
08 Apr 2014 17:06:59
Original commit files touched by this commit  1.29.1
Revision:350635 This port version is marked as vulnerable.
danfe search for other commits by this committer
Add a port of system clock synchronization client and server (chrony).

WWW: http://chrony.tuxfamily.org/

PR:	ports/174263

Number of commits found: 35

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
dnsmasqJan 20
goJan 19
moinmoinJan 18
ghostscript9-agpl-baseJan 17
gitlab-ceJan 14
nodeJan 14
node10Jan 14
node12Jan 14
node14Jan 14
wavpackJan 14
jenkinsJan 13
jenkins-ltsJan 13
phpmyfaqJan 12
sudoJan 11
py-cairosvgJan 10

9 vulnerabilities affecting 70 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last updated:
2021-01-26 20:33:26


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 42226
Broken 82
Deprecated 204
Ignore 317
Forbidden 4
Restricted 139
No CDROM 71
Vulnerable 18
Expired 41
Set to expire 179
Interactive 0
new 24 hours 17
new 48 hours18
new 7 days41
new fortnight84
new month302

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2021 Dan Langille. All rights reserved.